Paper Info
Title
Do not jail my app: Detecting the Android plugin environments by time lag contradiction.
Abstract
Many Android apps today face problems such as the large application package (APK) size, frequent updates, and so on. The Android plugin technology provides a solution for app developers, allowing a running app to dynamically load and execute a separate APK file without installing it in the system. These dynamically loaded APKs are called plugins. In Android app markets, many multi-instance apps abuse this technology to load normal social apps as plugins. While satisfying the users' demand for logging into multiple accounts simultaneously, it brings new security threats to the legitimate apps. Sensitive API invocations can be hijacked and private data becomes accessible to malicious multi-instance apps. Therefore, identifying the running environments becomes necessary. In this paper, we propose a novel detection mechanism, named PluginAssassin, to identify whether an app is running as a plugin. PluginAssassin uses the time ratio of different activity launching procedures to determine the running environment, conforming to the observed time lag contradiction phenomenon. We also present a mitigation mechanism for the Delta T attack specific to our approach. We collect 50 multi-instance apps from two app markets and implement PluginAssassin in five popular social apps. We assess the effectiveness on three devices and the experimental results show that PluginAssassin can detect plugin environments effectively.
Year
DOI
Venue
2020
10.3233/JCS-191325
JOURNAL OF COMPUTER SECURITY
Keywords
DocType
Volume
Android,plugin environment,time lag contradiction,time ratio,Delta T attack
Journal
28
Issue
ISSN
Citations 
2
0926-227X
0
PageRank 
References 
Authors
0.34
0
4
Name
Order
Citations
PageRank
Yifang Wu100.68
Jianjun Huang2343.30
Bin Liang3386.75
Wenchang Shi419824.17